iRule

Question

Hi all,Can i write an irule and apply it to all the virtual server in a ltm. For eg. i want to write an irule which would block traffic from a specific ip and it should be applied to all virtual server without manually adding the iRule to each VS&nbsp;&nbsp;

daniel_wolf · Answer

Hi&nbsp;mgrdta,you could use Packet Filter for that purpose instead of writing an iRule and applying it to all virtual servers.The risk with this process is, someone might forget to add the iRule to a new virtual server.Packet Filters are a global setting for the whole BIG-IP. Take a look here:MyF5 &gt;&gt; BIG-IP TMOS: Routing Administration &gt;&gt; Packet Filters&nbsp;KRDaniel&nbsp;

paulius · Answer

mgrdta If the F5 is not your perimeter device this should be blocked on your firewall or router depending on what you have to allow traffic in. As Daniel_Wolf stated, you are better off blocking this as a packet filter but you can create an iRule to block traffic from whatever source you would like. If you went the iRule route you might want to make it part of your build document so that when adding a new virtual server that you have an iRule that will always be applied no matter what and if you will eventually add more IPs to be blocked you should utilize a data-group to reference in your iRule for blocking sources.

Forum Discussion

iRule

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

irule ports

SSL Heartbleed iRule update

iRule help.

Redirect rewrite iRule

iRule redirection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS